npm - opencode-swarm - Versions diffs - 6.56.0 → 6.57.0 - Mend

opencode-swarm 6.56.0 → 6.57.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +43 -0
package/dist/cli/index.js +4 -1
package/dist/config/schema.d.ts +9 -0
package/dist/hooks/guardrails.d.ts +3 -0
package/dist/index.js +2049 -11
package/package.json +4 -1

package/README.md CHANGED Viewed

@@ -689,8 +689,11 @@ Override default rules in `.opencode/opencode-swarm.json`:
 |-------|------|-------------|
 | `readOnly` | boolean | If `true`, agent cannot write anywhere |
 | `blockedExact` | string[] | Exact file paths that are blocked |
+| `allowedExact` | string[] | Exact file paths that are allowed (overrides prefix/glob restrictions) |
 | `blockedPrefix` | string[] | Path prefixes that are blocked (e.g., `.swarm/`) |
 | `allowedPrefix` | string[] | Only these path prefixes are allowed. Omit to remove restriction; set `[]` to deny all |
+| `blockedGlobs` | string[] | Glob patterns that are blocked (uses picomatch: `**`, `*`, `?`) |
+| `allowedGlobs` | string[] | Glob patterns that are allowed (uses picomatch: `**`, `*`, `?`) |
 | `blockedZones` | string[] | File zones to block: `production`, `test`, `config`, `generated`, `docs`, `build` |
 ### Merge Behavior
@@ -726,6 +729,46 @@ To safely restrict a custom agent, always set `allowedPrefix` explicitly:
 }
 ```
+### Advanced Examples
+#### Glob Pattern Support
+Use glob patterns for complex path matching:
+```json
+{
+  "authority": {
+    "rules": {
+      "coder": {
+        "allowedGlobs": ["src/**/*.ts", "tests/**/*.test.ts"],
+        "blockedGlobs": ["src/**/*.generated.ts", "**/*.d.ts"],
+        "allowedExact": ["src/index.ts", "package.json"]
+      },
+      "docs_agent": {
+        "allowedGlobs": ["docs/**/*.md", "*.md"],
+        "blockedExact": [".swarm/plan.md"]
+      }
+    }
+  }
+}
+```
+**Glob Pattern Features:**
+- `**` — Match any number of directories: `src/**/*.ts` matches all TypeScript files in src/ and subdirectories
+- `*` — Match any characters except path separators: `*.md` matches all Markdown files in current directory
+- `?` — Match single character: `test?.js` matches `test1.js`, `testa.js`
+- Uses [picomatch](https://github.com/micromatch/picomatch) for cross-platform compatibility
+**Evaluation Order:**
+1. `readOnly` check (if true, deny all writes)
+2. `blockedExact` (exact path matches, highest priority)
+3. `blockedGlobs` (glob pattern matches)
+4. `allowedExact` (exact path matches, overrides prefix/glob restrictions)
+5. `allowedGlobs` (glob pattern matches)
+6. `allowedPrefix` (prefix matches)
+7. `blockedPrefix` (prefix matches)
+8. `blockedZones` (zone classification)
 </details>
 <details>

package/dist/cli/index.js CHANGED Viewed

@@ -18783,9 +18783,12 @@ var CompactionConfigSchema = exports_external.object({
 var AgentAuthorityRuleSchema = exports_external.object({
   readOnly: exports_external.boolean().optional(),
   blockedExact: exports_external.array(exports_external.string()).optional(),
+  allowedExact: exports_external.array(exports_external.string()).optional(),
   blockedPrefix: exports_external.array(exports_external.string()).optional(),
   allowedPrefix: exports_external.array(exports_external.string()).optional(),
-  blockedZones: exports_external.array(exports_external.enum(["production", "test", "config", "generated", "docs", "build"])).optional()
+  blockedZones: exports_external.array(exports_external.enum(["production", "test", "config", "generated", "docs", "build"])).optional(),
+  blockedGlobs: exports_external.array(exports_external.string()).optional(),
+  allowedGlobs: exports_external.array(exports_external.string()).optional()
 });
 var AuthorityConfigSchema = exports_external.object({
   enabled: exports_external.boolean().default(true),

package/dist/config/schema.d.ts CHANGED Viewed

@@ -474,6 +474,7 @@ export type CompactionConfig = z.infer<typeof CompactionConfigSchema>;
 export declare const AgentAuthorityRuleSchema: z.ZodObject<{
     readOnly: z.ZodOptional<z.ZodBoolean>;
     blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
     blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
     allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
     blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
@@ -484,6 +485,8 @@ export declare const AgentAuthorityRuleSchema: z.ZodObject<{
         generated: "generated";
         build: "build";
     }>>>;
+    blockedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;
 export type AgentAuthorityRule = z.infer<typeof AgentAuthorityRuleSchema>;
 export declare const AuthorityConfigSchema: z.ZodObject<{
@@ -491,6 +494,7 @@ export declare const AuthorityConfigSchema: z.ZodObject<{
     rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         readOnly: z.ZodOptional<z.ZodBoolean>;
         blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
         blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
         allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
         blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
@@ -501,6 +505,8 @@ export declare const AuthorityConfigSchema: z.ZodObject<{
             generated: "generated";
             build: "build";
         }>>>;
+        blockedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
 export type AuthorityConfig = z.infer<typeof AuthorityConfigSchema>;
@@ -668,6 +674,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
         rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
             readOnly: z.ZodOptional<z.ZodBoolean>;
             blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            allowedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
             blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
             allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
             blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
@@ -678,6 +685,8 @@ export declare const PluginConfigSchema: z.ZodObject<{
                 generated: "generated";
                 build: "build";
             }>>>;
+            blockedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            allowedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
         }, z.core.$strip>>>;
     }, z.core.$strip>>;
     plan_cursor: z.ZodOptional<z.ZodObject<{

package/dist/hooks/guardrails.d.ts CHANGED Viewed

@@ -106,9 +106,12 @@ export declare function validateAndRecordAttestation(dir: string, findingId: str
 type AgentRule = {
     readOnly?: boolean;
     blockedExact?: string[];
+    allowedExact?: string[];
     blockedPrefix?: string[];
     allowedPrefix?: string[];
     blockedZones?: FileZone[];
+    blockedGlobs?: string[];
+    allowedGlobs?: string[];
 };
 export declare const DEFAULT_AGENT_AUTHORITY_RULES: Record<string, AgentRule>;
 /**